December 6th: FIA Tech Atlantis Access Restored in Time for End-of-Day Processing
The FIA Tech Atlantis system outage has been resolved. Users are now able to access the Atlantis User Interface, and end-of-day processes will be run tonight to create daily files.
Once in Atlantis, users will be able to perform all actions and review data available in the system prior to the outage. For those exchanges connected to FIA Tech, we resumed loading trade files real time on Dec 6th.
During the outage FIA Tech was unable to receive and load trade files from exchanges, therefore trades from Dec 2-5th are not present in Atlantis yet. FIA Tech has begun to receive the backload of trade files from our connected exchanges, and we're loading these trades over the weekend so that they'll be available to users on Monday morning. Firms can check the status of which trade files have been received and loaded here. We'll keep this page updated as we receive and load additional files.
December 5th: FIA Tech Docs Access Restored
December 4th: FIA Tech OCR Access Restored
The FIA Tech OCR system outage has been resolved. Users are now able to access the FIA Tech OCR tool through the User Interface. FIA Tech OCR can now receive files from reporting entities and report triggers via SFTP.
Reporting Entities should resume sending trigger files to FIA Tech’s OCR service. We have tested thoroughly with the CFTC, and our OCR service can be used to trigger the delivery of reports to the CFTC once again. FIA Tech’s report submission to exchanges has now been enabled as well. An updated list of exchanges that are connected is available here.
Customer Communication - Sent to Docs, OCR and Atlantis users on December 2nd, 2019
FIA Tech Customer
- When will each service be available? We are working to return OCR to production before EOD EST Tuesday, December 3. We then plan to restore Docs and Atlantis which we expect to stretch into Wednesday. There are numerous dependencies which could negatively impact these timeframes, so we’ll be in touch with regular updates.
- How do you know whether data was extracted by the attackers? From examining log files, firewalls and evidence on our affected machines we did not see evidence of data being accessed. Our service provider also has not identified any evidence of unauthorized acquisition of data. From the experience of security consultants and law enforcement with the specific attacker/group who conducted the attack, the attacker is focused on obtaining ransoms for decrypting the infected servers. We will continue to investigate with the aid of forensic security firms and will advise if the assessment changes.
- Were you running virus/malware prevention tools or intrusion detection tools? Why didn’t they stop this? Yes, we were running an industry standard set of protection services for preventing intrusions, viruses, malware, etc. Based on our initial research, the attack on our datacenter provider involved a combination of tools, and then finally the encryption of our machines was performed by a variant of Ransom.Win32.SODINOKIBI.AUWTF. The signature of this variant was not in the databases of many commercial antivirus providers. We provided information on the variant to our provider (TrendMicro) who has now updated signatures to catch this new variant.
- Will my firm need to do anything to get logged in? All passwords will be set as expired in the new environments and users will be required to establish a new password.
- I have systems which send/receive data electronically. Will my API or SFTP account still work? We also will be resetting all API and SFTP passwords and keys. Separate instructions from each product support team will be provided on Tuesday regarding steps needed to reestablish connectivity for each service.
- Will all my data be in the system once restored? We expect zero data loss but recovery efforts are still underway.
- Can I have my information security team contact you for more information? Yes, please have them reach out to our Head of Risk & BCP, Patrick Lefler at email@example.com. We plan to have regular calls where we and as appropriate our forensic security consultants will provide more details on the incident.